[Snort-users] barnyard file reading question

Mark Olbert mark at ...11252...
Sun Feb 22 21:32:08 EST 2004

I'm having trouble getting barnyard to read files:

[root at ...11253... /home/mark]# barnyard -f /var/log/snort/snort.log.1077507761

-*> Barnyard! <*-

Version 0.1.0 (Build 17)

By Andrew R. Baker (andrewb at ...950...)

and Martin Roesch (roesch at ...1935..., www.snort.org)

Loading Data Processors...

dp_alert loaded

dp_log loaded

dp_stream_stat loaded

Loading Built-in Output Plugins...

Fast Alert plugin initialized

AlertSyslog initialized

Log Dump plugin initialized

LogPcap initialized

AlertCSV initialized

Parsing Config file: /etc/snort/barnyard.conf

WARNING: '/' detected in filename.  Correcting your mistake!!!!

WARNING: spool_dir set to "/var/log/snort"

Barnyard Version 0.1.0 (Build 17) started

Unable to open spool file



Using a local file name (i.e., leaving off the /var/log/snort) also results
in an "unable to open spool file" error.

I'm sure I'm missing something obvious, but I haven't been able to figure it
out so far.

- Mark

mark at ...11252...


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040222/64016c6e/attachment.html>

More information about the Snort-users mailing list